I'm in a country where the right to vote is not under attack (yet at least). The Republicans have been doing their level best to reduce the number of voters and slicing the electorate into favorable lots (gerrymandering). Now it would be nice if the US could just hold elections in a similar manner to (most) European nations and just allow all citizens to vote (no registration needed) and some states are moving that way [0]. This effort is one of the fronts of that war where people want to preserve their right to vote. It's especially relevant now in this strange year of social distancing. The concerns you cite are all valid and some have mitigations. VBM is usually not mail-in but mail-out ballots. You get your ballot by mail, fill it in then go to the post-office or some designated location to hand in the ballot. It has round about the same chances for corruption as a regular paper election. If you could at that location invalidate your ballot and get a new one then voter pressuring goes away too. That leaves secrecy violation. If there's nothing that links serial numbers with voters (it's just the signature that validates the ballot), then there's no chance of secrecy violation.
In a perfect world I would execute elections in the same manner we do in Iceland. Voting booth, paper ballots, pencils for marks. We have a presidential election this summer and everyone was worried if COVID would suppress the vote. Looks like it won't since we only have 2 active cases and new cases are almost none (can't find the numbers atm but iirc we had 7 new cases in the month of May).
I believe we are mostly on the same page. Voting should be in person, on paper, on a weekend day. It can be done, even in covid times.
One more thought: Simple >>> Complex.
Small variations in a technically correct process may break some of its properties. The more complex the process, the easier it is to inject variations, some of them adversarial. If gerrymandering is to be taken as an example, this can be taken to quite some extremes by two sides driven to win the zero-sum game at all costs. But even in absence of that, bugs happen.
To nitpick one detail, I'm not persuaded by the secrecy violation prevention argument. You either prevent secrecy violation by anonymization, or you prevent vote fraud by keeping a link between the voter and the ballot. You can't have both at the same time. In person voting minimizes the bounding box of anonymization: in space, at the ballot box, and in time, the election day. Hopefully both parties afford to have observers during this space-time interval. As you spread out the voting process, both spatially and temporally, it becomes increasingly impractical / too expensive to maintain observers of the entire process.
Fair enough. If I understand correctly, the server only uses the user's identity to generate a random serial number, then only remembers the serial number and the fact that user X has generated a serial number.
With that, we are left with the following attack vectors: the server and its software, either via hacking or via subtle rule tweaks, targeted ballot invalidation, voter pressure. As a technopessimist, I'm especially uncomfortable that a key piece of the process is an opaque blob of silicon that can't meaningfully be inspected by a human observer. Echoes of Diebold voting machines, plus billions of dollars poured into elections. But I can see why HN audience is prone to be persuaded this is a good idea.
I generally think that paper and pencil are far superior to electronic machines for voting. Algorithms and computing can enable methods to support paper voting.
Clarification: serial number is mailed with the ballot, contains a signature (like two part keys for API f.ex.). You submit the serial for signing through an authentication mechanism (verifying the voter). The signature can be either PKI or hash. This way you can validate serials, signatures and have them independent from the ballot after separation. If you have designated drop-off locations you ensure the ballots are tamper-proof after being filled out (barring massive system-wide fraud).
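A sketch of the serial-signing scheme discussed in the two comments above, added here as an illustration and not written by anyone in the thread. It assumes the "hash" variant is an HMAC-SHA256 under a server-side key; the class `SerialSigner`, its method names and the voter IDs are hypothetical.

```python
import hashlib
import hmac
import secrets


class SerialSigner:
    """Hypothetical signing server for the 'hash' variant (HMAC-SHA256)."""

    def __init__(self, voter_roll):
        self._key = secrets.token_bytes(32)   # server-side secret
        self._roll = set(voter_roll)
        self.signed_voters = set()    # who obtained a signature (no serial kept)
        self.counted_serials = set()  # serials already counted (no voter kept)

    def _mac(self, serial):
        return hmac.new(self._key, serial.encode(), hashlib.sha256).hexdigest()

    def sign(self, voter_id, serial):
        """Voter authenticates and submits the mailed serial for signing."""
        if voter_id not in self._roll:
            raise PermissionError("unknown voter")
        if voter_id in self.signed_voters:
            raise PermissionError("voter already has a signed serial")
        self.signed_voters.add(voter_id)  # the (voter, serial) pair is NOT stored
        return self._mac(serial)

    def count(self, serial, signature):
        """Check a ballot after it has been separated from its envelope."""
        if not hmac.compare_digest(self._mac(serial), signature):
            return "rejected: invalid signature"
        if serial in self.counted_serials:
            return "rejected: serial already counted"
        self.counted_serials.add(serial)
        return "counted"


def demo():
    server = SerialSigner(["voter-A", "voter-B"])  # constructed sample roll
    serial = secrets.token_hex(8)                   # printed on the mailed ballot
    sig = server.sign("voter-A", serial)
    results = [
        server.count(serial, sig),       # genuine ballot
        server.count(serial, sig),       # second copy of the same ballot
        server.count(serial, "0" * 64),  # forged signature
    ]
    return server, serial, results


if __name__ == "__main__":
    print(demo()[2])
```

The server still sees the voter and the serial together inside `sign()`, so ballot secrecy in this sketch rests on that pair never being logged, which is the trust placed in the server that the replies question.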
In practice, vote secrecy does not appear to be a priority concern of the authorities. More so when you have to educate more than 3000 local authorities [number of counties in US] to pay attention to the issue. I did a quick duckduckgo for images of US mail-in ballots, and found many instances of mail that have the sender information on, as is customary for US postage. Found even a couple pictures of ballot envelopes from Portland, Oregon, where they explicitly ask the voter to provide a return address, that is to tie their identity to the ballot:
[0]: https://www.brennancenter.org/our-work/research-reports/auto...